tomcat - Where are the Java HttpSession attributes stored?


Are the objects serialized and sent to the user on each connection (stored in cookies)?

Or are they stored in the server heap, with the cookie being only a small identifier?

Any information on this topic would be helpful.

Thank you.

You got it on the second guess.

The cookie contains a JSESSIONID. That id is used to look up the user's HttpSession in a map that the server maintains. At least, this is the most common way. There are more intricate ways the server can implement this, but shuttling the entire state back and forth in a cookie isn't one of them.

This has implications. First, if the server goes down, you lose the session state. Second, if you have a server cluster, you need the user connected to the same server each time, or they lose the session between subsequent requests. Lastly, session hijacking becomes a possibility if someone finds a way to copy someone else's JSESSIONID and replace theirs with it.
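The lookup described in the answer above, as an added example that is not part of the original answer and is a simplified model, not Tomcat's own code. The class `SessionStoreDemo` and its methods are hypothetical. It shows that the cookie carries only the id, that the attributes stay in a server-side map, and how issuing a fresh id after login retires the old one.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of a container's session store (hypothetical names, not Tomcat code).
public class SessionStoreDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Lives in the server heap: session id -> attribute map.
    private final Map<String, Map<String, Object>> sessions = new ConcurrentHashMap<>();

    private static String newId() {
        byte[] b = new byte[16];              // 128 random bits, so ids cannot be guessed
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    // Returns the value the server would send in the JSESSIONID cookie.
    String create() {
        String id = newId();
        sessions.put(id, new ConcurrentHashMap<>());
        return id;
    }
    // Resolve the id a client presented; null when the id is unknown.
    Map<String, Object> lookup(String cookieValue) {
        return cookieValue == null ? null : sessions.get(cookieValue);
    }
    // Move the attributes to a fresh id, e.g. right after login, so a copied
    // pre-login id stops working (HttpServletRequest.changeSessionId() in Servlet 3.1+).
    String rotate(String oldId) {
        Map<String, Object> attrs = sessions.remove(oldId);
        if (attrs == null) throw new IllegalStateException("no such session");
        String id = newId();
        sessions.put(id, attrs);
        return id;
    }
    public static void main(String[] args) {
        SessionStoreDemo server = new SessionStoreDemo();
        String cookie = server.create();
        server.lookup(cookie).put("user", "alice");   // constructed sample attribute
        System.out.println("cookie carries only: JSESSIONID=" + cookie);
        // The id is the only credential: whoever presents it gets this session.
        System.out.println("lookup by id -> user=" + server.lookup(cookie).get("user"));
        String rotated = server.rotate(cookie);
        System.out.println("old id still valid: " + (server.lookup(cookie) != null));
        System.out.println("new id -> user=" + server.lookup(rotated).get("user"));
        // A restarted or different server has an empty map, so the id resolves to nothing.
        System.out.println("other server: " + new SessionStoreDemo().lookup(rotated));
    }
}
```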

